KDB keystores and default certificates

It's a little strange, and I need to think about this a little more when I get time....
But, with KDB keystores, you need to set a default certificate which the server will serve up when a client hits it

/opt/ihs/java/jre/bin/ikeycmd -cert -setdefault -label <mylabel>  -db <mystore> -pw <mypass>

If you don't do this you'll get the following error from openssl

4266:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:596: